The Secrets about Russia’s Influence Operation that Tulsi Gabbard Is Still Keeping from Us

Yesterday, I wrote about how utterly fucking ridiculous Tulsi Gabbard’s influence operation claiming a Deep State plot against Donald Trump because Barrack Obama knows the difference between a voting machine and the DNC server (which Tulsi claims not to know in her little project).

Her propaganda project is not without benefit. I mean, not only have I called on all the right wing members of Congress who’ve been duped by Tulsi to demand that Pam Bondi fire Kash Patel for covering this all up when he reviewed the same files in 2020. But Tulsi declassified a somewhat classified version of the 2017 ICA (there were two classified versions, a super classified version for President Obama, Trump, and the Gang of Eight, and a less-classified version for other members of Congress — this is the latter). So not only can we see what secrets about Russia’s 2016 interference Director Tulsi wants to keep from us, but we can compare the classified version with the publicly-released version to see what was sensitive in 2017 but no longer is.

There are a number of things that either did not exist in the public version or remain significantly redacted. For example:

  • The classified version includes more discussion of the confidence levels. “We have high confidence in this assessment [that both SVR and GRU hacked political targets], the assessment described, “because it is based on a body of [redacted] intelligence reporting that reinforces and elaborates on publicly available commercial cyber analyses.” Elsewhere such language explains why some agencies were less certain.
  • Speaking of Russian spooks targeting political targets, the classified ICA provided more details on the RNC hacks, which had been reported but never explained in detail. GRU hacked GOP targets in early July 2016, but (it appears) that server hadn’t been used for over six years. But that paragraph immediately precedes one of the only entirely redacted paragraphs in the assessment. A paragraph in a later section describing that “we saw Russian collection on some Republican-affiliated targets,” also includes three redacted lines.
  • There’s a bit more detail on senior Russian officials, such as details about what hacked information was shared as intelligence, rather than used as an information operation.
  • There’s an entire section on Russia’s targeting of state election infrastructure, including details on an Illinois hack that, I had been told by sources, was far more serious than publicly acknowledged. There’s one short paragraph addressing one of the several hacks revealed by Reality Winner. In general, the report was overly optimistic about Russian targeting of voting infrastructure, and simply didn’t imagine that Russia might steal registration data so it could conduct an attack like Cambridge Analytica.
  • There’s a section explaining the ways that the attack could have been worse (though that claim is based, in part, on an assessment that “We did not detect extensive [redacted] influence operations as part of the Kremlin’s campaign.” Perhaps that part of the assessment would change as Robert Mueller investigated.
  • There’s more detail on Russia’s past election interference (this section is worth comparing side by side), along with a map of operations spanning 2000 to 2016 (though the details remain classified). The ICA also predicted (in two still partly redacted paragraphs) that Germany’s fall 2017 election would be the next one targeted; it ended up being France’s May 2017 election.

Those are just interesting details, nothing really that (no matter how much Tulsi misrepresents all this) disrupts years of questions about the attributions.

There are just two passages I’m far more interested in.

In the section on the trolls, in the paragraph before one that addresses Yevgeniy Prigozhin’s role in funding it, there’s both a subheading and the first few lines of that section redacted.

I’m interested in that because, as I’ve gotten further from 2016, I’ve seen more reason to believe that the Russian effort to use trolls to make stuff go viral closely overlapped with the far right effort to do the same.

And finally — unsurprisingly — I’m interested in details about the Guccifer 2.0 attribution that wasn’t in the public report. The italicized language below is new in the classified report.

The Kremlin’s campaign aimed at the US election featured disclosures of data obtained through Russian cyber operations via WikiLeaks, as well as via the Guccifer 2.0 persona and DCLeaks.com, which are both likely GRU operations; GRU intrusions into US state electoral infrastructure; and overt propaganda. Russian foreign intelligence collection both informed and enabled the influence campaign, [redacted]

[snip]

Public Disclosures of Russian-Collected Data. We assess the GRU used both the Guccifer 2.0 persona and DCLeaks.com operationally to release US [victim] data obtained in GRU cyber operations publicly and in exclusives to media outlets. We have high confidence that Guccifer 2.0 and DCLeaks.com published GRU- hacked data, but moderate confidence that they were under direct GRU control [redacted]. We base our judgments on several factors: the information that was disclosed was information we assess the GRU accessed as part of its operations against US political targets; the initial data leak occurred the day after the US cybersecurity firm CrowdStrike publicized Russia’s intrusion into the DNC; and signals intelligence placed the operators of Guccifer 2.0 and DCLeaks.com in Russia. 

Guccifer 2.0, who claimed to be an independent Romanian hacker, made multiple contradictory statements and false claims about his identity throughout the election; [redacted] intelligence indicated the persona was controlled from Russia, and press reporting suggests more than one person claiming to be Guccifer 2.0 interacted with journalists, based on [redacted] and interactions with the press.

Content that we assess was taken from [redacted] e-mail accounts targeted in March 2016 by a GRU cyber espionage unit subsequently appeared on DCLeaks.com in June.

On several occasions, the administrators of Guccifer 2.0 and DCLeaks.com logged in to accounts associated with those personas using a Russia-based mobile broadband provider [redacted] although they generally attempted to obscure the source of their Internet traffic.

Of particular interest, to me especially: the IC was pretty sure that Russia was using Guccifer 2.0 to disseminate the stolen files, but was less sure what the relationship between the persona and the spooks running it was. The passage includes the allegedly accidental log-ins via a Russian provider, which was reported years ago. But in early 2017, anyway, all this was ambiguous.

Given the conspiracy theories Tulsi is spewing, all these questions seem quaint now.

But the ambiguity from the period did carry over for some time later.